On November 6, 2023, the Department of Commerce's Bureau of Industry and Security (BIS) and the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) issued a Joint Notice (the November 2023 Notice) highlighting a new Suspicious Activity Report (SAR) key term that U.S. financial institutions should use when filing SARs related to export control evasion. In addition, the November 2023 Notice provides financial institutions with new red flags to assist in identifying transactions potentially in violation of the Export Administration Regulations (EAR) administered by BIS.
The Departments of Commerce and Treasury, among other agencies, have jurisdiction over certain exports, reexports, and transfers of goods, including certain technologies. Financial institutions are required to file SARs with FinCEN if they know, suspect, or have reason to suspect a transaction was attempted or actually processed through their institutions in order to facilitate criminal activity, including sanctions or export control evasion. BIS leverages SARs to investigate potential export control violations.
In June 2022, BIS and FinCEN issued a Joint Alert (the 2022 Alert) providing guidance to companies on tactics used to evade export controls implemented in connection with Russia's invasion of Ukraine. Notably, the 2022 Alert instructed U.S. financial institutions to reference the term "FIN-2022-RUSSIABIS" in SARs to FinCEN when identifying potential Russia-related export control evasion. The 2022 Alert also contained 22 red flag indicators of export control evasion and included transshipment of goods to Russia in its focus.
In May 2023, BIS and FinCEN issued a Supplemental Joint Alert (the 2023 Supplemental Alert) on new BIS export control restrictions related to Russia, including restrictions on low-level items exported to Russia and semiconductors and information on new entries added to BIS's Entity List. The Supplemental Alert also provided more general guidance on export control evasion typologies and red flags to be read in conjunction with those listed in the 2022 Alert. The Supplemental Alert again highlighted the new "FIN-2022-RUSSIABIS" key term to be used in SARs referencing Russia-related export control evasion.
Building upon the 2022 Alert and the 2023 Supplemental Alert, BIS and FinCEN issued the November 2023 Notice to address export control evasion occurring in relation to other illicit actors or adversarial nations, aside from Russia.
The November 2023 Notice and the New Key SAR Term "FIN-2023-GLOBALEXPORT"
Importantly, the November 2023 Notice announced a new SAR key term, "FIN-2023-GLOBALEXPORT." According to BIS and FinCEN, this term should be referenced in SAR field 2 (Filing Institution Note to FinCEN) for the reporting of potential export control evasion efforts beyond those related to Russia. Field 2 should also reference the November 2023 Notice itself and may highlight additional key words from the notice in the SAR narrative.
However, financial institutions should continue to use "FIN-2022-RUSSIABIS" for those SARs related to potential Russian export control evasion. If there is uncertainty over which key term to use, FinCEN instructs financial institutions to use both "FIN-2022-RUSSIABIS" and "FIN-2023-GLOBALEXPORT."
November 2023 Notice Red Flags
The November 2023 Notice highlights red flags for potentially evasive transactions that may be tied to a U.S. adversaries' acquisition of items used in military operations or in support of surveillance programs enabling human rights abuses. According to BIS, investigations into these transaction types are being prioritized by the Disruptive Technology Strike Force (DTSF), a task force co-led by BIS and the U.S. Department of Justice (DOJ). The DTSF has urged companies, including financial institutions, to scrutinize exports of so-called "disruptive technology," such as advanced semiconductors, supercomputing hardware, and quantum and hypersonic technologies.
The November 2023 Notice red flag indictors include (among others):
- Transactions involving a purported civil end-user, but research indicates the address of the transaction party is a military facility, or one co-located with a military facility, in a country of concern
- Transactions involving a last-minute change in payment routing that previously involved a country of concern, but such transaction is now routed differently
- Transactions involving transshipment of "disruptive technology" (including in payment memos) to countries of concern
The November 2023 Notice also stresses that financial institutions and other entities conducting U.S. trade, including those dealing with U.S.-origin goods or services, should apply risk-based measures and be sure to review trade financing documents for information suggesting suspicious activity or export evasion.
- If a U.S. financial institution suspects export control evasion activity that does not involve Russia, the institution should file a SAR referencing the November 2023 Notice and the key term "FIN-2023-GLOBALEXPORT" in SAR field 2. Potential export control evasion activity involving Russia should continue to reference "FIN-2022-RUSSIABIS." Both terms may be used if there is uncertainty.
- Companies engaged in export activity, including those exporting or reexporting U.S. origin-goods or services or institutions processing related transactions, should scrutinize transactions involving the supply of advanced technologies (e.g., advanced semiconductors, supercomputer hardware, or quantum technologies) sought by U.S. adversaries.
- A single red flag may not be indicative of suspicious activity, but all of a transaction's surrounding facts and circumstances should be considered when determining whether a transaction is suspicious or associated with potential export control evasion.
- Companies should review the BIS and FinCEN-issued 2022 Alert, the 2023 Supplemental Alert, and the November 2023 Notice, taking note of red flags from each alert for implementation into their compliance programs. This would include implementing such indicators into sanctions and export controls risk assessments, active investigations and lookbacks, and company training.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.